- Thierry Spanjaard
Denial still takes its toll in IT security
Thales has just published the latest edition of its yearly Data Threat Report, elaborated with IDC, which is full of interesting data when it comes to data security.
With the ongoing Digital Transformation, companies become increasingly conscious that they are dependent on the operation of their digital systems thus on the security of their data. According to the report, half of all data is now stored in cloud environments, and 48% of that data is sensitive. The increasing complexity of data environment is driven by a proliferation of multiple clouds and more open systems. Interestingly while almost half (49%) of all respondents have experienced a data breach at some point, they are still not always conscious of the risks.
Organizations are housing their sensitive data across a broad range of technologies, including SaaS applications, social media, IaaS environments but also mobile payments and IoT demonstrating the enterprise network is no longer the single repository of company data.
As a consequence, over 98% of organizations have some data in the cloud. As more sensitive data is stored in cloud environments, data security risks increase. Unfortunately, the awareness to security issues does not increase at the same rate: only 57% of sensitive data stored in cloud environments is protected by encryption and less than half (48%) is protected by tokenization.
Security professionals try to tackle this issue; however, IT security is often considered as too complex. Perception is paramount; while risks grow year over year, the feeling of being at risk is decreasing: in 2019, 31% of organizations think their data are not at all vulnerable, and globally, respondents are not planning to increase their data security expenses.
Many organizations are concerned about data security issues regarding the cloud. However, they overestimate the risks of security issues at their cloud service provider while underestimating them for parameters under their control in their own organization.
IoT and mobile payment developments allow companies to provide more services and engage in more activities with their customers. They also mean a larger surface of attack, expanding security concerns. Focus is to be set to data discovery and key management, which is not the case in most organizations.
Top IoT security concerns from the 99% percent of respondents who have an IoT data security concern include device attacks, lack of skilled personnel, and encryption/ tokenization. As IoT devices are deployed, key management is increasingly important to effectively implement identity security and data encryption on IoT devices.
Mobile payments also seem to be an issue for many respondents: 99% of them have at least some data security concerns with mobile payments. Many solutions are considered to address mobile payment security. Chief among them are account data encryption, password controls, secure/encrypted wireless network protocols, and lock screens.
This report published by Thales, which, with the absorption of Gemalto, is not only a leader in digital identity and security but also in secure transactions, should lead its readers to turn to the secure transactions industry for solutions to their security issues. The secure transactions industry has developed for decades organizational and technical approaches that bring a solution to reduce the IT risks. What is still missing is a strong will of organizations to tackle these issues seriously and deal with them.